WO2006076382A3 - Method and apparatus providing policy-based revocation of network security credentials
- Publication number: WO2006076382A3 (application PCT/US2006/000865)
- Authority: WO, WIPO (PCT)
- Prior art keywords: attributes, network, network security, credential, credentials
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  - H04L63/00—Network architectures or network communication protocols for network security
    - H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
      - H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
    - H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
  - H04L2463/00—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    - H04L2463/102—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying security measure for e-commerce
Abstract
A method for policy-based revocation of network security credentials comprises receiving and storing one or more credential revocation rules, wherein each of the credential revocation rules specifies one or more first attributes and first values of the first attributes, associated with one or more credentials to be revoked; receiving and storing one or more network credentials, wherein each of the network credentials comprises one or more second attributes and second values of the second attributes; and when second values of one or more second attributes of a particular network credential among the one or more network credentials match first values of one or more first attributes of one of the credential revocation rules, determining that the particular network credential is invalid, and performing a responsive action.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN200680001894XA CN101208685B (en) | 2005-01-11 | 2006-01-10 | Method and apparatus providing policy-based revocation of network security credentials |
EP06717996.0A EP1836798A4 (en) | 2005-01-11 | 2006-01-10 | Method and apparatus providing policy-based revocation of network security credentials |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US11/034,346 US20060156391A1 (en) | 2005-01-11 | 2005-01-11 | Method and apparatus providing policy-based revocation of network security credentials |
Publications (2)
Publication Number | Publication Date |
---|---|
WO2006076382A2 (en) | 2006-07-20 |
WO2006076382A3 (en) | 2007-11-01 |
Family ID: 36654878
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/US2006/000865 WO2006076382A2 (en) | 2005-01-11 | 2006-01-10 | Method and apparatus providing policy-based revocation of network security credentials |
Country Status (4)
Country | Link |
---|---|
US (1) | US20060156391A1 (en) |
EP (1) | EP1836798A4 (en) |
CN (1) | CN101208685B (en) |
WO (1) | WO2006076382A2 (en) |
Families Citing this family (34)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8099495B2 (en) | 2005-12-29 | 2012-01-17 | Intel Corporation | Method, apparatus and system for platform identity binding in a network node |
US8205238B2 (en) * | 2006-03-30 | 2012-06-19 | Intel Corporation | Platform posture and policy information exchange method and apparatus |
US8060931B2 (en) | 2006-09-08 | 2011-11-15 | Microsoft Corporation | Security authorization queries |
US20080065899A1 (en) * | 2006-09-08 | 2008-03-13 | Microsoft Corporation | Variable Expressions in Security Assertions |
US20080066169A1 (en) * | 2006-09-08 | 2008-03-13 | Microsoft Corporation | Fact Qualifiers in Security Scenarios |
US8201215B2 (en) * | 2006-09-08 | 2012-06-12 | Microsoft Corporation | Controlling the delegation of rights |
US20080066158A1 (en) * | 2006-09-08 | 2008-03-13 | Microsoft Corporation | Authorization Decisions with Principal Attributes |
US7814534B2 (en) | 2006-09-08 | 2010-10-12 | Microsoft Corporation | Auditing authorization decisions |
US8095969B2 (en) * | 2006-09-08 | 2012-01-10 | Microsoft Corporation | Security assertion revocation |
US20080066147A1 (en) * | 2006-09-11 | 2008-03-13 | Microsoft Corporation | Composable Security Policies |
US8656503B2 (en) * | 2006-09-11 | 2014-02-18 | Microsoft Corporation | Security language translations with logic resolution |
US8938783B2 (en) * | 2006-09-11 | 2015-01-20 | Microsoft Corporation | Security language expressions for logic resolution |
JP4502141B2 (en) * | 2007-09-18 | 2010-07-14 | 富士ゼロックス株式会社 | Information processing apparatus, information processing system, and information processing program |
US8527771B2 (en) * | 2007-10-18 | 2013-09-03 | Sony Corporation | Wireless video communication |
EP2053531B1 (en) * | 2007-10-25 | 2014-07-30 | BlackBerry Limited | Authentication certificate management for access to a wireless communication device |
US8060920B2 (en) * | 2008-06-20 | 2011-11-15 | Microsoft Corporation | Generating and changing credentials of a service account |
FI20100057A0 (en) * | 2010-02-12 | 2010-02-12 | Notava Oy | A method and system for creating a virtual device for redirecting data traffic |
US8848919B2 (en) * | 2011-06-17 | 2014-09-30 | Assa Abloy Ab | Revocation status using other credentials |
US20130061281A1 (en) * | 2011-09-02 | 2013-03-07 | Barracuda Networks, Inc. | System and Web Security Agent Method for Certificate Authority Reputation Enforcement |
US9225743B1 (en) * | 2012-04-12 | 2015-12-29 | Symantec Corporation | Automatic generation of policy from a group of SSL server certificates |
US9391782B1 (en) * | 2013-03-14 | 2016-07-12 | Microstrategy Incorporated | Validation of user credentials |
US9298923B2 (en) * | 2013-09-04 | 2016-03-29 | Cisco Technology, Inc. | Software revocation infrastructure |
US9900774B2 (en) | 2014-05-30 | 2018-02-20 | Paypal, Inc. | Shared network connection credentials on check-in at a user's home location |
US9454773B2 (en) | 2014-08-12 | 2016-09-27 | Danal Inc. | Aggregator system having a platform for engaging mobile device users |
US9461983B2 (en) * | 2014-08-12 | 2016-10-04 | Danal Inc. | Multi-dimensional framework for defining criteria that indicate when authentication should be revoked |
US10154082B2 (en) | 2014-08-12 | 2018-12-11 | Danal Inc. | Providing customer information obtained from a carrier system to a client device |
US9906512B2 (en) * | 2015-07-28 | 2018-02-27 | International Business Machines Corporation | Flexible revocation of credentials |
US10560274B2 (en) | 2016-06-09 | 2020-02-11 | International Business Machines Corporation | Credential-based authorization |
US10389683B2 (en) * | 2016-08-26 | 2019-08-20 | International Business Machines Corporation | Securing storage units in a dispersed storage network |
US11025607B2 (en) * | 2016-12-15 | 2021-06-01 | At&T Mobility Ii Llc | V2X certificate management |
US10447470B2 (en) * | 2017-10-04 | 2019-10-15 | The Boeing Company | Secure and disruption-tolerant communications for unmanned underwater vehicles |
EP3832508B1 (en) * | 2019-12-06 | 2024-01-24 | Siemens Aktiengesellschaft | Blocking or revoking a device certificate |
EP3951516A1 (en) * | 2020-08-04 | 2022-02-09 | Siemens Aktiengesellschaft | System and method for verifying components of an industrial control system |
US11522863B2 (en) * | 2020-10-29 | 2022-12-06 | Shopify Inc. | Method and system for managing resource access permissions within a computing environment |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20020099822A1 (en) * | 2001-01-25 | 2002-07-25 | Rubin Aviel D. | Method and apparatus for on demand certificate revocation updates |
US20020178361A1 (en) * | 2001-05-24 | 2002-11-28 | International Business Machines Corporation | System and method for dynamically determining CRL locations and access methods |
US20040064691A1 (en) * | 2002-09-26 | 2004-04-01 | International Business Machines Corporation | Method and system for processing certificate revocation lists in an authorization system |
Family Cites Families (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
FR2716323B1 (en) * | 1994-02-14 | 1996-05-03 | France Telecom | Secure system for interconnecting local networks via a public transmission network. |
US5699431A (en) * | 1995-11-13 | 1997-12-16 | Northern Telecom Limited | Method for efficient management of certificate revocation lists and update information |
US6748531B1 (en) * | 2000-03-28 | 2004-06-08 | Koninklijke Philips Electronics N.V | Method and apparatus for confirming and revoking trust in a multi-level content distribution system |
KR100731491B1 (en) * | 2000-10-12 | 2007-06-21 | 주식회사 케이티 | Method for managing dispersion certificate revocation list |
US20020099668A1 (en) * | 2001-01-22 | 2002-07-25 | Sun Microsystems, Inc. | Efficient revocation of registration authorities |
DE10107437A1 (en) * | 2001-02-16 | 2002-08-29 | Siemens Ag | display module |
US7437551B2 (en) * | 2004-04-02 | 2008-10-14 | Microsoft Corporation | Public key infrastructure scalability certificate revocation status validation |
- 2005
  - 2005-01-11: US application US11/034,346 (US20060156391A1), status: Abandoned
- 2006
  - 2006-01-10: WO application PCT/US2006/000865 (WO2006076382A2), status: Application Filing
  - 2006-01-10: EP application EP06717996.0A (EP1836798A4), status: Withdrawn
  - 2006-01-10: CN application CN200680001894XA (CN101208685B), status: Active
Also Published As
Publication number | Publication date |
---|---|
US20060156391A1 (en) | 2006-07-13 |
CN101208685A (en) | 2008-06-25 |
EP1836798A2 (en) | 2007-09-26 |
WO2006076382A2 (en) | 2006-07-20 |
EP1836798A4 (en) | 2013-08-07 |
CN101208685B (en) | 2010-10-27 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2006076382A3 (en) | Method and apparatus providing policy-based revocation of network security credentials | |
WO2009088615A3 (en) | Selective authorization based on authentication input attributes | |
WO2010118278A3 (en) | Network security using trust validation | |
WO2009031112A3 (en) | Node for a network and method for establishing a distributed security architecture for a network | |
WO2006113189A3 (en) | Provisioning root keys | |
GB2425694B (en) | A method and an apparatus for securely communicating between a management server and a managed node associated with a dynamic provisioning system | |
EP1879325A4 (en) | Method and system for updating a secret key | |
PL1889503T3 (en) | Method for agreeing on a security key between at least one first and one second communications station for securing a communications link | |
WO2009044174A3 (en) | Authentication method and framework | |
WO2006107513A3 (en) | Methods and systems for exchanging security information via peer-to-peer wireless networks | |
WO2005074472A3 (en) | Methods and system for creating and managing identity oriented networked communication | |
WO2012044855A3 (en) | Secure multi-party communication with quantum key distribution managed by trusted authority | |
WO2007127637A3 (en) | Method and system for providing cellular assisted secure communications of a plurality of ad hoc devices | |
WO2010017025A3 (en) | Secure resource name resolution | |
WO2011043903A3 (en) | Network access control | |
WO2006130616A3 (en) | Augmented single factor split key asymmetric cryptography-key generation and distributor | |
WO2007003997A3 (en) | Using one-time passwords with single sign-on authentication | |
WO2011094096A3 (en) | Establishing, at least in part, secure communication channel between nodes so as to permit inspection, at least in part, of encrypted communication carried out, at least in part, between the nodes | |
WO2009007985A3 (en) | Identity and policy-based network security and management system and method | |
WO2005089120A3 (en) | Secure authentication and network management system for wireless lan applications | |
WO2009110703A3 (en) | Authentication information management method in home network and an apparatus therefor | |
WO2007070273A3 (en) | Method and apparatus for selecting a codec in a packet-switched communication network | |
WO2009120771A3 (en) | Accessing secure network resources | |
WO2008132821A1 (en) | Security gateway system and its method and program | |
WO2006113885A3 (en) | Apparatus and method for network identification among multiple applications |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | WWE | Wipo information: entry into national phase | Ref document number: 200680001894.X; Country of ref document: CN |
 | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | |
 | WWE | Wipo information: entry into national phase | Ref document number: 3289/DELNP/2007; Country of ref document: IN |
 | REEP | Request for entry into the european phase | Ref document number: 2006717996; Country of ref document: EP |
 | WWE | Wipo information: entry into national phase | Ref document number: 2006717996; Country of ref document: EP |
 | NENP | Non-entry into the national phase | Ref country code: DE |